|Numéro de publication||US20030185220 A1|
|Type de publication||Demande|
|Numéro de demande||US 10/107,626|
|Date de publication||2 oct. 2003|
|Date de dépôt||27 mars 2002|
|Date de priorité||27 mars 2002|
|Numéro de publication||10107626, 107626, US 2003/0185220 A1, US 2003/185220 A1, US 20030185220 A1, US 20030185220A1, US 2003185220 A1, US 2003185220A1, US-A1-20030185220, US-A1-2003185220, US2003/0185220A1, US2003/185220A1, US20030185220 A1, US20030185220A1, US2003185220 A1, US2003185220A1|
|Cessionnaire d'origine||Moshe Valenci|
|Exporter la citation||BiBTeX, EndNote, RefMan|
|Citations de brevets (5), Référencé par (102), Classifications (8), Événements juridiques (1)|
|Liens externes: USPTO, Cession USPTO, Espacenet|
 This invention relates generally to parsing data, and more particularly to dynamically loading parsing capabilities to recognize data, such as a packet while communicating within networked systems or devices.
 Several protocols are available for data communications between networked systems or devices. Ethernet is a common protocol for a packet-based network, such as local area networks (LANs). Like other packet-based network protocols, Ethernet enables communication of data in packets (e.g., a data packet, such as an Ethernet packet) over a network. These packets include a source and a destination address, the data being transmitted, and a series of data integrity and security bits. For example, a typical Ethernet packet used for transferring data across a network generally includes a preamble which may include a start frame indication, a destination address to identify the receiving node for the Ethernet packet, a source address to identify the transmitting node directly on the transmitted packet, and a set of fields to indicate packet characteristics, such as the packet type. Typically, a computer system may communicate over a network using an interface that includes an Ethernet adapter to enable transfer of Ethernet packets from one Ethernet device to another Ethernet device coupled to the network.
 Among other layers, a protocol stack for the Ethernet includes a media access control (MAC) layer. A conventional Ethernet media access controller corresponding to the MAC layer is responsible for controlling the flow of data over a network, including encapsulating received data from an upper layer based on processing control information (e.g., rules). When an Ethernet packet is received at the Ethernet adapter, a MAC-based controller may parse the Ethernet packet using static rules (e.g., microcode) for a subsequent transfer to a host. A typical MAC-based controller includes a parser with a set of associated rules to process the Ethernet packets.
 Although all the rules may not be useful to some applications or users, the undesired rules cannot be dropped easily since the parser may be hardcoded, depriving a need-based selection of the rules and wasting precious hardware real estate especially silicon die area. When the “microcode” is changed, manufacturing may have to be stalled before appropriate standards are stabilized, significantly increasing validation overhead. That is, when the parsing capabilities of an Ethernet adapter need a change, a parser may need to be validated again. Moreover, once processing control information (e.g., rules defining parsing capabilities) is passed to the parser, this information remains “static” for a particular Ethernet packet or a predetermined number of Ethernet packets because it may be difficult to modify the parsing operations performed by the MAC-based controller during a communication.
 Thus, there is a need to selectively change or modify parsing capabilities for packets.
FIG. 1 is a schematic depiction of a system consistent with one embodiment of the present invention;
FIG. 2 is a schematic depiction of an Ethernet device coupled to a host system in accordance with one embodiment of the present invention; and
FIG. 3 is a schematic depiction of a media access controller in accordance with an embodiment of the present invention;
FIG. 4 shows a state machine defining a dynamic parser according to one embodiment of the present invention;
FIG. 5A is a flow chart showing how data in the Ethernet device of FIG. 2 may be routed in accordance with one embodiment of the present invention;
FIG. 5B is a flow chart showing how a data packet may be parsed by one embodiment of the dynamic parser of FIG. 2 in accordance with one embodiment of the present invention;
FIG. 5C is a flow chart showing how a data packet may be parsed by another embodiment of the dynamic parser of FIG. 2 in accordance with one embodiment of the present invention;
FIG. 6 is a schematic depiction of a computer system capable of dynamically loading parsing capabilities for an Ethernet packet according to one embodiment of the present invention; and
FIG. 7 is a schematic depiction of one embodiment of the Ethernet device of FIG. 2 capable of dynamically loading parsing capabilities for an Ethernet packet according to one embodiment of the present invention.
 A system 10 as shown in FIG. 1 includes an interface, such as a network interface card (NIC) 20 coupled to a host 30 via a link 35 for communicating data on a communication medium 40 (e.g., a network wire or coaxial cable), over a network 50 capable of processing packets of the data. The NIC 20 includes an Ethernet device 55 comprising a parser 60 which may dynamically load processing control information (e.g., rules that define parsing capabilities) from a source 65 storing rules. Using the parser 60, media access control layer processing may be provided within the Ethernet device 55 to controllably manipulate packets in network hardware, allowing packet processing information to be selectively modified while managing the packets being transmitted and received through the network 50.
 According to one embodiment, the Ethernet device 55 may be a network controller that enables communication of Ethernet packets for the host 30 over the network 50. In some embodiments, the source 65 may be a database or a non-volatile storage device, such as an erasable programmable read-only memory (EPROM) which is programmable and can be erased and reused.
 A typical data packet used for transferring data across the network 50 may include at least one of a length and a type field to indicate either the length or type, or both characteristics, of the data field that follows. Based on information provided in these fields, a data packet may be appropriately classified. In one case, if a length is provided, the data packet is classified as an Institute of Electrical, Electronic Engineers (IEEE) standard 802.3 based packet, and if the type field is provided, the packet is classified as an Ethernet packet. The IEEE standard 802.3 is set forth in a specification entitled “Information Technology—LAN/MAN—Part 3: Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Access Method and Physical Layer Specifications, ISO/IEC 8803-2000 and ANSI IEEE std. 802.3-2000.”
 Regardless of the data rates, the Ethernet device 55 may process Ethernet packets for the entire class of the CSMA/CD protocols, such as indicated in a family of known computer industry standards. For example, including but is not limited to, 1-megabit Ethernet, 10-megabit Ethernet, 100-Megabit Ethernet, known as “Fast Ethernet,” 1000-Megabit Ethernet or 1-Gigabit Ethernet, known as “Gigabit Ethernet” and any other network protocols at any other data rates that may be useful in packet-based networks.
 In operation, using the Ethernet device 55, the host 30 may communicate with another Ethernet device by exchanging packets, or frames, of information over the network 50 based on a network protocol. As an example, the network protocol may be a Transmission Control Protocol/Internet Protocol (TCP/IP), and as a result, the another Ethernet device and the host 30 may implement protocol stacks, such as TCP/IP stacks.
 For the Ethernet device 55 (e.g., a client or a node on the network 50), in one case the TCP/IP stack may be divided into five hierarchical layers: an application layer, a transport layer, a network layer, a data link layer and a physical layer. For example, in some embodiments, an open systems interconnection (OSI) layered model developed by the International Organization for Standards (ISO) as set forth in a specification entitled “Information technology—Telecommunications and information exchange between systems—Use of OSI applications over the Internet Transmission Control Protocol (TCP) ISO/IEC 14766:1997” may be used. This specification generally describes the exchange of information between layers is particularly useful for separating the functions of each layer, and thereby facilitating the modification or update of a given layer without detrimentally impacting on the functions of neighboring layers. At the lowest layer, the OSI model includes the physical layer that is responsible for encoding and decoding data into signals that are transmitted across the communication medium 40.
 Referring to FIG. 2, the Ethernet device 55 is coupled to a host system 30 a via a bus 75 such as a peripheral component interconnect (PCI) bus, according to one embodiment of the present invention. The Ethernet device 55 further includes a network adapter 80 to receive the network data on the communication medium 40. The network data received over the communication medium 40 is received in a physical layer (PHY) 85. The network data may include packets in one embodiment.
 To process the packets, the network adapter 80 includes a media access control (MAC) 90. The MAC 90 further includes a dynamic parser 60 a and a memory 100, storing a set of rules 110. The rules 110 may be used by the dynamic parser 60 a in one embodiment. Using a pair of bridges, the bus 75 may operably couple the Ethernet device 55 to the host system 30 a. More specifically, the network adapter 80 comprises a network bridge 120 to interface with a host bridge 125 of the host system 30 a. While the network bridge 120 enables the Ethernet device 55 to communicate with the bus 75, the host bridge 125 enables the host system 30 a to communicate with the bus 75, in accordance with one embodiment of the present invention.
 By deploying any one of a variety of available architectures, the host system 30 a may include a host processor 140 and a host memory 145 in one embodiment. Examples of the host system 30 a include a processor-based system, such as a desktop computer, a laptop computer, a server, or any of a variety of other computers or processor-based devices. In addition, the Ethernet device 55 may be part of an Ethernet adapter that also includes an embedded memory 150 and an embedded processor 155. Both the embedded memory 150 and the embedded processor 155 may be operably coupled to the network bridge 120, in one embodiment of the present invention.
 While protocol data units (PDUs) may be stored in the host memory 145, protocol headers, such as Ethernet headers, for the Transmission Control Protocol/Internet Protocol (TCP/IP) may be formed in the embedded memory 150. A typical Ethernet packet may include an IP header that indicates such information as the source and destination IP addresses for the packet. The Ethernet packet may include a security header that indicates a security protocol (e.g., an IPSec protocol) and attributes of the packet. Also, the Ethernet packet may include a transport protocol header (a TCP protocol header, as an example) that is specific to the transport protocol being used. As an example, a TCP protocol header might indicate a TCP destination port and a TCP source port that uniquely identify the applications that cause the Ethernet device 55 associated with the host system 30 a to transmit and receive the packets. The Ethernet packet may also include a data portion, the contents of which are furnished by the source application, and a trailer that is used for encryption purposes.
 As an example, a TCP protocol header may include a field that indicates the TCP source port address and a field that indicates the TCP destination port address. Another field of the TCP protocol header may indicate a sequence number that is used to concatenate received packets of an associated flow. Packets that have the same IP addresses, transport layer port addresses and security attributes are part of the same flow, and a sequence number indicates the order of a particular packet in that flow.
 As an example, software that is associated with the transport and network layers, when executed by a processor 155 of the Ethernet device 55, typically causes the Ethernet device 55 to parse the information that is indicated by the protocol header to facilitate additional processing of the packet. However, the execution of the software parsing of the Ethernet packets may introduce delays that impede the communication of the Ethernet packets from the Ethernet device 55 for the host system 30 a.
 On the other hand, hardware-based MAC implementations often use an internal parser embedded into network hardware to identify packet types in order to apply actions. Examples of these actions may include parsing Internet Protocol security (IPSec) packets and matching parameters in order to imply inline decryption, parsing wake-up packets, parsing manageability packets, and splitting parsed packet headers in order to achieve zero copy performance. However, such hardware-based MAC implementations may be inefficient. One reason for inefficiency in such hardware parsers includes pre-loading unnecessary rules associated with packets that a user may never use.
 More specifically, when a packet format is to be defined while the network hardware (e.g., integrated circuit (IC) chip) planning may not be delayed, the hardware-based MAC implementations are significantly constrained. That is, once parsing rules have been configured, and the network hardware has been manufactured, redefining the parsing rules may not be feasible. In addition, the preference for functionality may change among the original equipment manufactures (OEMs).
 Another problem involves defining inline parsing rules for the IPSec capable Ethernet adapters where a protocol change may be difficult to address, for example, when transitioning from one type of encapsulation to another type of encapsulation, even if a generic cryptographic engine is deployed. Defining inline parsing rules for “Header Splitting” features may also be difficult because predicting the preferred protocol types may not be generally feasible. That is, processing or defining rules for a “Header Splitting” feature in the hardware-based MAC implementations may be difficult. In general, the “Header Splitting” feature makes it possible to define a split between packet data, and packet headers. One reason to use splitting is to have user data on a page boundary, so it can be transferred to a particular user space without copying (e.g., Zero Copy). However, the user data may exist in various offsets. Depending on the protocol types which are being used, extraction of the user data from a TCP packet may become difficult while using static parsing/action rules.
 To this end, in one embodiment, the MAC 90 may comprise a combination of functional components, including but not limited to, a rule-based parser, a set of dynamically loadable parsing rules, an action-based component, and a set of dynamically loadable action rules. The rule-based parser behaves according on the loadable sets of rules. The parsing and action rules may be dynamically loaded from an external interface (e.g., software, EPROM). The action-based component may perform various desired actions on a processed packet based on a parsed state of the packet. The action rules determine how actions may be applied to the packet. In some embodiments, both the parsing and action rules may be dynamically loaded to provide parameters to the action-based component.
 Without limiting the scope of the present invention, an ability may be provided in the MAC 90 to dynamically load parsing and/or action rules rather than using “microcode” for manipulating packets. Some examples of addressing one or more above indicated problems include handling inbound IPSec traffic or dynamically adding rules to add user datagram protocol (UDP) encapsulation capabilities. Likewise, dropping of packets may be carried out based on a predefined policy and out-of-band information may be added for the parsed packet, as examples. Stripping of particular data from the packet, such as a virtual local area network (VLAN) tagging, may also be done in one embodiment. Splitting the data region of the packet on page aligned buffers may be accomplished as well in some embodiments.
 Consistent with one embodiment of the present invention, a media access control (MAC) 90 a is shown in FIG. 3. The MAC 90 a includes memory for rules 100 a and the rule-based parser 60 b and an action module 160. The memory for rules 100 a includes a set of parsing rules and a set of action rules. The parsing rules may be dynamically loaded into parsing rules memory 170. In a similar fashion, the action rules may also be dynamically loaded into the action rules memory 175. For appropriate classification of packets, the rule-based parser 60 b may receive a packet on a receive path 177. Then, based on the dynamically loaded parser rules, the rule-based parser 60 b attaches a state to the received packet. The action module 160 processes the received packet according to the given state by using the action rules. Then, in some embodiments, the received and processed packet may be forwarded to the host system 30 a, more particularly, to the host memory 145 shown in FIG. 2.
 A state machine 180 shown in FIG. 4 may be represented by a parser table, which can be used by the rule-based parser 60 b of FIG. 3 according to one embodiment of the present invention. The state machine 180 includes a plurality of states including a “S0” state 182, a “S1” state 184, a “S2” state 186, a “S3” state 188, and a “S4” state 190. As shown in Table 1, the parser table includes a table line or row with each table line having multiple table entries or fields, for example, a packet offset field, a packet value field, and “PRE,” “POST” states where a last bit indicates if it is a final state.
TABLE 1 Offset Value PRE State POST State 12 0x0800 S0 S1 12 0x8137 S0 S4 14 0x45 S1 S2 23 0x06 S2 S3 . . . . . . . . . . . .
 Some examples of the packet offset include 12, 12, 14, 23 bits of offset. Similarly, examples of the packet value include hexadecimal values, such as 0×0800, 0×8137, 0×45, and 0×06. While a starting state for a transition in the state machine 180 may be treated as a “PRE” state, the ending state of the transition may be indicated as a “POST” state. For instance, one transition from the “S0” state 182 to the “S2” state 186 may indicate the “S0” state 182 as the “PRE” state and the “S2” state 186 as the “POST” state.
 Of course, when the state machine 180 is loaded as parsing rules into the parsing rules memory 170, any number of states may be advantageously provided depending upon a specific application. For parsing incoming packets, the memory for rules 100 a associated with the rule-based parser 60 b of FIG. 3 describes the state machine 180. In one specific case, the state machine 180 is used to classify and then split simple TCP data from the headers (e.g., classification may be provided by the rule-based parser 60 b, and splitting may be provided by the action module 160). In one embodiment, the table lines in the parsing table are ordered according to the offset field to parse the incoming packet using only one pass. Of course, “on-the-fly” parsing may be provided in some embodiments where parsing may begin before the packet was fully received (e.g., as the packet gets into the first-in-first-out (FIFO) or any other component serially).
 When the MAC 90 a of FIG. 3 is configured to serially parse the data flow, the packet offset field may be examined for each packet by going through each table line. After a packet is parsed, the action rules in the memory for rules 100 a may be informed accordingly. A memory layout for the memory for rules 100 a (e.g., in a table format) may define one way to break the packet into one or more page-aligned buffers in some embodiments. The memory layout may comprise a final state and a corresponding break offset in some embodiments of the present invention. Based on the final state, the network hardware, i.e., the Ethernet device 55, may split the data from the headers for the packet.
 As described above, a parsing state may be associated with a packet being parsed. Based on the parsing state, the memory layout may indicate at which offset the packet may be split. In one case, for the final state being the “S3” state 188, the break offset may be 52 bits where a TCP data offset is provided to break user data included in the packet. A “zero” break offset may indicate no splitting is desired. In order to implement a split, for each table line or row of the parsing table, the state associated with the packet is checked against the final state in that table line or row. When the state is determined to be the final state, a transfer function is initiated using the break offset indicated in that table line or row. Using the state machine 180 and a memory layout, various parsing rules for addressing multiple protocol types may be defined in one embodiment. For example, a memory size for the memory for rules 100 a may be derived as 24 bytes for a parsing table, i.e., (2 bytes (word)×4 (columns)×3 (rows)) and 8 bytes for an action based table, i.e., (2 bytes (word)×2 (columns)×2 (rows)).
 When multiple breaks per packet are desired, in one embodiment, the number of columns may be increased accordingly. In this case, the increase in the size for the memory for rules 100 a may be moderate, however, while parsing other protocol types, a linear increase of the memory size may be desired. In some embodiments, should there be any memory space limitations, the parsing rules may be partially performed and packets may be split based on these partial rules. In such a case, a software stack may be used as a verifier to check whether the parsing was addressed correctly based on these partial rules. An improper splitting of the data may be indicated as unaligned, using available traditional operating system (OS) mechanisms for one embodiment of the present invention.
 An Ethernet device 55 a shown in FIG. 5A may receive packets for a media access control layer processing at block 195. The rule-based parser 60 b (FIG. 3) may be selectively defined at block 197. The rule-based parser 60 b may be defined in either alone or in a combination of at least one of firmware, software, and hardware. Based on the definition, one or more parsing/action rules may be either dynamically loaded at block 199, or alternatively existing parsing/action rules in the rules memory 100 a may be used. Using the parser/action rules, packet types of the received packets may be identified at block 201. A check at diamond 203 may determine the packet type of a packet under processing by associating a parsed state therewith. If the packet type is determined to be of type A, one or more first actions may be performed on that packet based on that parsed state of the packet at block 205. Conversely, if the packet type is determined to be of type B, one or more second actions may be performed based on the parsed state of the packet at block 207. In one embodiment, the processed packet may be sent to the host memory 145 (FIG. 2) at block 209.
 A packet may be of any one of types based on one or more characteristics derived from information included within the packet. For example, a particular field of the packet may characterize the packet types, i.e., the type A, or B. In some embodiments, the type A may be differentiated from the type B on the basis of the packet offsets indicated in the packet.
 For each packet, dynamic parser software 210 shown in FIG. 5B may set a state as an initial “PRE” state according to the state machine 180 of FIG. 4 at block 211. In one embodiment, a parsing table including one or more table entries may represent the state machine 180. For each table entry in the parsing table, a check at diamond 213 may ascertain (1) whether the packet offset associated with the packet matches the corresponding value in the parsing table and (2) whether the state is indeed the “PRE” state corresponding to the table entry. If the offset and state do not have a corresponding value in the parsing table then the dynamic parser software 210 proceeds to the diamond 219. Otherwise, the state is set to be a “POST” state corresponding to the appropriate table entry at block 217.
 A check at diamond 219 may determine whether the state is the final state within the state machine 180 of FIG. 4. If the state is determined to be the final state, the dynamic parser software 210 may finish this iteration. Alternatively, the dynamic parser software 210 may again perform the check at the diamond 213 for each table entry in the parsing table. In this way, the dynamic parser software 210 may continue to provide appropriate packet routing. That is, the dynamic parser software 210 may enable packet switching where each Ethernet packet is first examined to determine its destination and then forwarded to an appropriate destination port. As a result, only its destination port sees the Ethernet packet.
 Common methods for switching include an “on-the-fly” method, a “store-and-forward” method, and a “fragment-free” method. In the “non-on-the-fly” methods, a time delay from receiving a data packet to transmitting the data packet is significantly large. However, in the “on-the-fly” method, a destination address field may be provided in a header of a data packet, significantly reducing the time delay from receiving the data packet to transmitting the data packet.
 An “on-the-fly” dynamic parser 210 a is shown in FIG. 5C for dynamically loading one or more actions and parsing rules in one embodiment. At block 221, for each packet, the associated state is set to an initial “PRE” state according to the state machine 180 of FIG. 4. Then, starting at a first table entry in a parsing table at block 222, the “on-the-fly” dynamic parser 210 a may check the packet offset from zero to the packet size for each packet at block 223.
 A check at diamond 224 determines whether the packet offset is less than the offset indicated for that packet in a particular table entry. If so, another check at diamond 226 may compare the packet offset to the value for that packet in that particular table entry. The associated state may be checked against a “PRE” state corresponding to that particular table entry. Conversely, if at the diamond 224, it is determined that in a particular table entry, the packet offset is greater than the offset for that packet, the next table entry of the parsing table is processed at block 225.
 For each packet, the associated state may be set as the “POST” state corresponding to a current table entry at block 227. In one embodiment, a check at diamond 228 as to the status of the associated state may determine whether an associated state for a packet being processed is a final state of the state machine 180 (FIG. 4). If that is not the case, then the current table entry may be incremented to a next table entry in block 225. Otherwise, another check may be performed for the current table entry at diamond 229. If determined to be the last table entry, then the “on-the-fly” dynamic parser 210 a may finish the current iteration. Alternatively, the “on-the-fly” dynamic parser 210 a may proceed to the block 223, in one embodiment.
 Referring to FIG. 6, in some embodiments of the present invention, a computer system 230 may include a system memory 232 coupled to a memory controller hub 234. In particular, in some embodiments of the present invention, the computer system 230 may include a processor 242 (one or more microprocessors or controllers, as examples) that is coupled to a system bus 240. The system bus 240, in turn is coupled to the memory controller hub 234 along with an accelerated graphics port (AGP) bus 244. The AGP bus 244 is described in detail in the Accelerated Graphics Port Interface Specification, Revision 1.0, published on Jul. 31, 1996, by Intel Corporation of Santa Clara, Calif.
 The computer system 230 may also include a display controller 246 that is coupled to the AGP bus 244 and generates signals to drive a video display 248. The memory controller hub 234 is also coupled (via a hub interface 250) to an input/output (I/O) hub 252. The I/O hub 252 may provide interfaces to, for example, the PCI bus 75 of FIG. 2 and an expansion bus 262. The specification for the PCI bus 75 is set forth in a specification entitled “PCI Local Bus Specification, Revision 2.2, 1998.” The PCI bus 75 may be coupled to the NIC 20 of FIG. 1, and the I/O controller 264 may receive input from a mouse 266, and a keyboard 268, as well as control operation of a floppy disk drive 270. The I/O hub 252 may also control operations of a CD-ROM drive 258 and a hard disk drive 260.
 According to one embodiment of the present invention, the Ethernet device 55 of FIG. 7 may include the network adapter 80. In the illustrated embodiment, the network adapter 80 may comprise a transmit (Tx) portion for processing data received from an upper layer, and a receive (Rx) portion for processing Ethernet packets received from the communication medium 40. In the receive (Rx) portion, the network adapter 80 may further include one or more first-in-first-out (FIFO) memories 306 to temporarily store the incoming packets through the communication medium 40. A checksum engine 308 (of the receive (Rx) portion) may be coupled between the FIFO memory 306 and the network bridge 120 for purposes of verifying checksums that are embedded in the packets.
 Essentially, the network adapter 80 may interface to the PCI bus 75 via the network bridge 120. The network bridge 120 may include an emulated direct memory access (DMA) engine 331 that is used for the purposes of transferring the data portions of the packets directly into one or more buffers in some embodiments. Moreover, the network adapter 80 may include additional circuitry, such as a serial-to-parallel conversion circuit 296 that may receive a serial stream of bits from a network interface 290 when a packet is received from the communication medium 40, such as a network wire or coaxial cable. In this manner, the conversion circuit 296 packages the bits into bytes and provides these bytes to a receive dynamic parser 60 d. The network interface 290 may be coupled to generate and receive signals to/from the network 50 over the communication medium 40 of FIG. 1.
 In addition to the receive (Rx) portion, the network adapter 80 may include other hardware circuitry to transmit outing packets to the network 50. In the transmit (Tx) portion, the network adapter 80 may include a transmit dynamic parser 60 c that is coupled to the network bridge 120 to receive outgoing packet data from the computer system 230 and form the header on the packets. To accomplish this, in some embodiments, the transmit dynamic parser 60 c stores the headers of predetermined flows in a header memory 316. A transmit checksum engine 320 may compute checksums for the IP and network headers of the outgoing packet and incorporate the checksums into the packet.
 The transmit (Tx) portion may include a transmit MAC memory 100 b, storing a transmit rules 110 b. The transmit rules 110 b may provide parsing capabilities to the transmit dynamic parser 60 c through a loadable set of action-based rules, in one embodiment of the present invention. Likewise, the receive (Rx) portion may include a receive MAC memory 100 c, storing a receive rules 110 c. The receive rules 110 c may provide parsing capabilities to the receive dynamic parser 60 d through a loadable set of action-based rules. In some embodiments, each of the transmit and receive dynamic parsers 60 c, 60 d may include one or more state machines, counter(s) and timer(s), as examples, to perform desired functions for each outgoing and incoming packet, respectively.
 The transmit (Tx) portion may further include an authentication and encryption engine 326 that may encrypt and/or authenticate the data of the outgoing packets. In this manner, all packets of a particular flow may be encrypted and/or authenticated via a key that is associated with the flow, and the keys for the different flows may be stored in a key memory 324. The transmit (Tx) portion may also include one or more FIFO memories 322 to synchronize the flow of the packets through the network adapter 80. A parallel-to-serial conversion circuit 328 may be coupled to the FIFO memory 322 to retrieve packets that are ready for transmission for the purposes of serializing the data of the outgoing packets. Once serialized, the circuit 328 may pass the data to the network interface 290 for transmission to the network 50.
 Even though packet parsing is done in network hardware, extending the existing parsing capabilities to be dynamically loaded affords numerous advantages in different situations. Advantageously, one embodiment of the present invention may implement many features, such as IPSec, Firewall, VLAN and priority tagging, and header splitting as a means to deploy Zero Copy.
 Furthermore, since a dynamic parser does not have to be hardcode, all the parsing rules that may not be useful to some applications or users may be dropped with a relative ease in one embodiment of the present invention. In addition, a need-based selection may be offered by fine-tuning the requirements, saving silicon space. Silicon manufacturing does not have to stall in order to wait for stabilizing standards and silicon validation may be significantly reduced. That is, the silicon code path of a dynamic parser may ideally be validated only once. Once it's validated, no further validation may ideally be needed again when changing the parsing capabilities of the dynamic parser.
 While the present invention has been described with respect to a limited number of embodiments, those skilled in the art will appreciate numerous modifications and variations therefrom. It is intended that the appended claims cover all such modifications and variations as fall within the true spirit and scope of this present invention.
|Brevet cité||Date de dépôt||Date de publication||Déposant||Titre|
|US2151733||4 mai 1936||28 mars 1939||American Box Board Co||Container|
|CH283612A *||Titre non disponible|
|FR1392029A *||Titre non disponible|
|FR2166276A1 *||Titre non disponible|
|GB533718A||Titre non disponible|
|Brevet citant||Date de dépôt||Date de publication||Déposant||Titre|
|US7317723 *||3 févr. 2004||8 janv. 2008||Cisco Technology, Inc.||Action based termination of multidimensional lookup|
|US7346701 *||23 août 2003||18 mars 2008||Broadcom Corporation||System and method for TCP offload|
|US7613209 *||30 mars 2004||3 nov. 2009||Extreme Networks, Inc.||System and method for egress packet marking|
|US7636787 *||23 juil. 2007||22 déc. 2009||Huawei Technologies Co., Ltd.||Parser for parsing text-coded protocol|
|US7657104||21 nov. 2005||2 févr. 2010||Mcafee, Inc.||Identifying image type in a capture system|
|US7675915||25 oct. 2007||9 mars 2010||Extreme Networks, Inc.||Packet processing system architecture and method|
|US7689614||22 mai 2006||30 mars 2010||Mcafee, Inc.||Query generation for a capture system|
|US7730011||19 oct. 2005||1 juin 2010||Mcafee, Inc.||Attributes of captured objects in a capture system|
|US7751440||4 déc. 2003||6 juil. 2010||Intel Corporation||Reconfigurable frame parser|
|US7774604||22 nov. 2004||10 août 2010||Mcafee, Inc.||Verifying captured objects before presentation|
|US7814327||30 mars 2004||12 oct. 2010||Mcafee, Inc.||Document registration|
|US7818326||31 août 2005||19 oct. 2010||Mcafee, Inc.||System and method for word indexing in a capture system and querying thereof|
|US7822038||24 sept. 2007||26 oct. 2010||Extreme Networks, Inc.||Packet processing system architecture and method|
|US7849208||18 févr. 2008||7 déc. 2010||Broadcom Corporation||System and method for TCP offload|
|US7886138||16 mars 2007||8 févr. 2011||Sharp Laboratories Of America, Inc.||Methods and systems for firmware access and modification|
|US7899828||30 mars 2004||1 mars 2011||Mcafee, Inc.||Tag data structure for maintaining relational data over captured objects|
|US7907608||12 août 2005||15 mars 2011||Mcafee, Inc.||High speed packet capture|
|US7930540||22 nov. 2004||19 avr. 2011||Mcafee, Inc.||Cryptographic policy enforcement|
|US7949849||27 juin 2005||24 mai 2011||Mcafee, Inc.||File system for a capture system|
|US7957378 *||25 août 2004||7 juin 2011||Cisco Technology, Inc.||Stateful flow of network packets within a packet parsing processor|
|US7958227||7 juin 2011||Mcafee, Inc.||Attributes of captured objects in a capture system|
|US7962591||23 juin 2004||14 juin 2011||Mcafee, Inc.||Object classification in a capture system|
|US7962904 *||10 mai 2007||14 juin 2011||Microsoft Corporation||Dynamic parser|
|US7984175||30 mars 2004||19 juil. 2011||Mcafee, Inc.||Method and apparatus for data capture and analysis system|
|US8005863||20 janv. 2010||23 août 2011||Mcafee, Inc.||Query generation for a capture system|
|US8010689||22 mai 2006||30 août 2011||Mcafee, Inc.||Locational tagging in a capture system|
|US8090873 *||14 mars 2005||3 janv. 2012||Oracle America, Inc.||Methods and systems for high throughput information refinement|
|US8161270||30 mars 2004||17 avr. 2012||Extreme Networks, Inc.||Packet data modification processor|
|US8161539 *||19 avr. 2002||17 avr. 2012||International Business Machines Corporation||IPSec network adapter verifier|
|US8166307||31 août 2010||24 avr. 2012||McAffee, Inc.||Document registration|
|US8176049||31 mars 2010||8 mai 2012||Mcafee Inc.||Attributes of captured objects in a capture system|
|US8200026||26 mai 2009||12 juin 2012||Mcafee, Inc.||Identifying image type in a capture system|
|US8205242||10 juil. 2008||19 juin 2012||Mcafee, Inc.||System and method for data mining and security policy management|
|US8271794||1 juil. 2010||18 sept. 2012||Mcafee, Inc.||Verifying captured objects before presentation|
|US8301635||13 déc. 2010||30 oct. 2012||Mcafee, Inc.||Tag data structure for maintaining relational data over captured objects|
|US8307007||20 juil. 2011||6 nov. 2012||Mcafee, Inc.||Query generation for a capture system|
|US8307206||14 mars 2011||6 nov. 2012||Mcafee, Inc.||Cryptographic policy enforcement|
|US8334995||19 sept. 2007||18 déc. 2012||Sharp Laboratories Of America, Inc.||Method and system for adaptive control of imaging node|
|US8447722||25 mars 2009||21 mai 2013||Mcafee, Inc.||System and method for data mining and security policy management|
|US8463800||27 mars 2012||11 juin 2013||Mcafee, Inc.||Attributes of captured objects in a capture system|
|US8473442||25 févr. 2009||25 juin 2013||Mcafee, Inc.||System and method for intelligent state management|
|US8504537||24 mars 2006||6 août 2013||Mcafee, Inc.||Signature distribution in a document registration system|
|US8539119||23 nov. 2005||17 sept. 2013||Qualcomm Incorporated||Methods and apparatus for exchanging messages having a digital data interface device message format|
|US8548170||25 mai 2004||1 oct. 2013||Mcafee, Inc.||Document de-registration|
|US8554774||1 sept. 2010||8 oct. 2013||Mcafee, Inc.||System and method for word indexing in a capture system and querying thereof|
|US8560534||27 janv. 2009||15 oct. 2013||Mcafee, Inc.||Database for a capture system|
|US8601537||19 mars 2012||3 déc. 2013||Mcafee, Inc.||System and method for data mining and security policy management|
|US8605732||15 févr. 2011||10 déc. 2013||Extreme Networks, Inc.||Method of providing virtual router functionality|
|US8606946||12 nov. 2004||10 déc. 2013||Qualcomm Incorporated||Method, system and computer program for driving a data signal in data interface communication data link|
|US8611215||22 sept. 2011||17 déc. 2013||Qualcomm Incorporated||Systems and methods for digital data transmission rate control|
|US8625625||26 avr. 2011||7 janv. 2014||Qualcomm Incorporated||High data rate interface apparatus and method|
|US8630305||3 juin 2005||14 janv. 2014||Qualcomm Incorporated||High data rate interface apparatus and method|
|US8630318||29 janv. 2010||14 janv. 2014||Qualcomm Incorporated||High data rate interface apparatus and method|
|US8635358||5 oct. 2010||21 janv. 2014||Qualcomm Incorporated||High data rate interface|
|US8635706||16 mars 2012||21 janv. 2014||Mcafee, Inc.||System and method for data mining and security policy management|
|US8645566||24 mars 2005||4 févr. 2014||Qualcomm Incorporated||High data rate interface apparatus and method|
|US8645578||22 déc. 2004||4 févr. 2014||Intel Corporaton||Routing of messages|
|US8650304||14 avr. 2005||11 févr. 2014||Qualcomm Incorporated||Determining a pre skew and post skew calibration data rate in a mobile display digital interface (MDDI) communication system|
|US8656039 *||8 juin 2004||18 févr. 2014||Mcafee, Inc.||Rule parser|
|US8667121||25 mars 2009||4 mars 2014||Mcafee, Inc.||System and method for managing data and policies|
|US8667363||23 nov. 2005||4 mars 2014||Qualcomm Incorporated||Systems and methods for implementing cyclic redundancy checks|
|US8669988||10 mars 2005||11 mars 2014||Qualcomm Incorporated||High data rate interface apparatus and method|
|US8670457||8 déc. 2004||11 mars 2014||Qualcomm Incorporated||High data rate interface with improved link synchronization|
|US8681817||28 oct. 2008||25 mars 2014||Qualcomm Incorporated||Generating and implementing a signal protocol and interface for higher data rates|
|US8683035||18 avr. 2011||25 mars 2014||Mcafee, Inc.||Attributes of captured objects in a capture system|
|US8687658||24 nov. 2004||1 avr. 2014||Qualcomm Incorporated||High data rate interface with improved link synchronization|
|US8692838||23 nov. 2005||8 avr. 2014||Qualcomm Incorporated||Methods and systems for updating a buffer|
|US8692839||25 janv. 2008||8 avr. 2014||Qualcomm Incorporated||Methods and systems for updating a buffer|
|US8694652||15 oct. 2004||8 avr. 2014||Qualcomm Incorporated||Method, system and computer program for adding a field to a client capability packet sent from a client to a host|
|US8694663||15 juil. 2010||8 avr. 2014||Qualcomm Incorporated||System for transferring digital data at a high rate between a host and a client over a communication path for presentation to a user|
|US8699330||23 nov. 2005||15 avr. 2014||Qualcomm Incorporated||Systems and methods for digital data transmission rate control|
|US8700561||27 déc. 2011||15 avr. 2014||Mcafee, Inc.||System and method for providing data protection workflows in a network environment|
|US8700744||28 oct. 2008||15 avr. 2014||Qualcomm Incorporated||Generating and implementing a signal protocol and interface for higher data rates|
|US8705521||17 mars 2005||22 avr. 2014||Qualcomm Incorporated||High data rate interface apparatus and method|
|US8705571||12 août 2004||22 avr. 2014||Qualcomm Incorporated||Signal interface for higher data rates|
|US8705579||2 juin 2004||22 avr. 2014||Qualcomm Incorporated||Generating and implementing a signal protocol and interface for higher data rates|
|US8706709||15 janv. 2009||22 avr. 2014||Mcafee, Inc.||System and method for intelligent term grouping|
|US8707008||16 mars 2011||22 avr. 2014||Mcafee, Inc.||File system for a capture system|
|US8719334||10 sept. 2004||6 mai 2014||Qualcomm Incorporated||High data rate interface|
|US8723705||8 août 2006||13 mai 2014||Qualcomm Incorporated||Low output skew double data rate serial encoder|
|US8730069||9 nov. 2007||20 mai 2014||Qualcomm Incorporated||Double data rate serial encoder|
|US8730913||26 avr. 2011||20 mai 2014||Qualcomm Incorporated||High data rate interface apparatus and method|
|US8730955||10 févr. 2011||20 mai 2014||Mcafee, Inc.||High speed packet capture|
|US8745251||16 avr. 2004||3 juin 2014||Qualcomm Incorporated||Power reduction system for an apparatus for high data rate signal transfer using a communication protocol|
|US8756294||29 oct. 2004||17 juin 2014||Qualcomm Incorporated||High data rate interface|
|US8762386||24 juin 2011||24 juin 2014||Mcafee, Inc.||Method and apparatus for data capture and analysis system|
|US8806615||4 nov. 2010||12 août 2014||Mcafee, Inc.||System and method for protecting specified data combinations|
|US8812706||6 sept. 2002||19 août 2014||Qualcomm Incorporated||Method and apparatus for compensating for mismatched delays in signals of a mobile display interface (MDDI) system|
|US8850591||13 janv. 2009||30 sept. 2014||Mcafee, Inc.||System and method for concept building|
|US8873584||23 nov. 2005||28 oct. 2014||Qualcomm Incorporated||Digital data interface device|
|US8918359||16 mai 2013||23 déc. 2014||Mcafee, Inc.||System and method for data mining and security policy management|
|US8924694||11 avr. 2012||30 déc. 2014||Extreme Networks, Inc.||Packet data modification processor|
|US9092471||14 févr. 2014||28 juil. 2015||Mcafee, Inc.||Rule parser|
|US9094338||21 mars 2014||28 juil. 2015||Mcafee, Inc.||Attributes of captured objects in a capture system|
|US20040042483 *||23 août 2003||4 mars 2004||Uri Elzur||System and method for TCP offload|
|US20050122918 *||4 déc. 2003||9 juin 2005||David Johnston||Reconfigurable frame parser|
|US20050238022 *||25 août 2004||27 oct. 2005||Rina Panigrahy||Stateful flow of network packets within a packet parsing processor|
|US20060133370 *||22 déc. 2004||22 juin 2006||Avigdor Eldar||Routing of messages|
|US20140044135 *||10 août 2012||13 févr. 2014||Karthikeyan Sankaralingam||Lookup Engine with Reconfigurable Low Latency Computational Tiles|
|EP1757039A2 *||19 avr. 2005||28 févr. 2007||Cisco Technology, Inc.||Programmable packet parsing processor|
|WO2005062576A1 *||17 nov. 2004||7 juil. 2005||Intel Corp||A reconfigurable frame parser|
|WO2005109788A2||19 avr. 2005||17 nov. 2005||Cisco Tech Inc||Programmable packet parsing processor|
|Classification aux États-Unis||370/398, 370/445|
|Classification internationale||H04L12/413, H04L12/46|
|Classification coopérative||H04L12/4625, H04L12/413|
|Classification européenne||H04L12/413, H04L12/46B7B|
|27 mars 2002||AS||Assignment|
Owner name: INTEL CORPORATION, CALIFORNIA
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:VALENCI, MOSHE;REEL/FRAME:012743/0493
Effective date: 20020327